We use cookies to customise content for your subscription and for analytics.If you continue to browse Lexology, we will assume that you are happy to receive all our cookies. For further information please read our Cookie Policy.

ICO publishes interim guidance on cross-border data transfers

The ICO has published interim guidance on cross border transfers in light of the Schrems decision and the proposed Privacy Shield.

Although acknowledging that Schrems has cast doubt on the validity of transfers of personal data to the US under all mechanisms, the ICO has confirmed their acceptance of the use of SCCs (Standard Contractual Clauses) and BCRs (Binding Corporate Rules) for data transfers from the UK to the US in the absence of a Safe Harbor framework.

They have also confirmed that they will not be actively looking to take enforcement action against companies who were previously transferring personal data under the Safe Harbor regime. The interim guidance states that the ICO will not be hurrying to utilise its enforcement powers because no immediate increase in risk to individuals' personal data has arisen. The ICO will, however, continue to analyse complaints from data subjects regardless of the international data transfer mechanisms that are in place.

What action could be taken to manage risks that may arise from this development?

Organisations may take comfort from the ICO statement that it is not going to actively seek out companies who were previously making transfers under Safe Harbor to take enforcement action. However it is advised that organisations do still continue to seek to put in place standard contractual clause agreements when transferring data to companies who formerly relied on the Safe Harbor. The ICO statement confirms that these can be relied on for the time being at least.

What action could be taken to manage risks that may arise from this development?

Organisations may take comfort from the ICO statement that it is not going to actively seek out companies who were previously making transfers under Safe Harbor to take enforcement action. However it is advised that organisations do still continue to seek to put in place standard contractual clause agreements when transferring data to companies who formerly relied on the Safe Harbor. The ICO statement confirms that these can be relied on for the time being at least.

Compare jurisdictions: Arbitration

" I am very pleased with the content of the Lexology newsfeeds. They are a centralized way of getting legal related updates from many jurisdictions and a great way to stay informed with a minimal time commitment."